All Products
Search

This Product

    Elastic Compute Service:Red Hat Enterprise Linux

    Document Center

    Elastic Compute Service:Red Hat Enterprise Linux

    Last Updated:Dec 26, 2025

    This topic describes the lifecycle phases of Red Hat Enterprise Linux (RHEL) and provides solutions to mitigate the risks that arise when RHEL 7 enters the Extended Life phase.

    RHEL lifecycle

    RHEL is an enterprise-grade, open source Linux operating system developed by Red Hat. RHEL offers high stability, robust security, and comprehensive support services, making it widely used in enterprise server and data center environments. For more information, see Red Hat Enterprise Linux Life Cycle.

    The RHEL public images on Alibaba Cloud are sourced directly from Red Hat. Technical support is jointly provided by Alibaba Cloud and Red Hat in-house employees. On June 30, 2024, RHEL 7 will transition from the Maintenance Support phase to the Extended Life phase, which will last for four years. The following table describes the lifecycle phases of RHEL.

    Version

    Release date

    Mainstream Support phase

    Extended support

    End Date

    Full Support

    End date

    Phase 1: Maintenance Support 1

    End Date

    Phase 2 Maintenance Support 2

    End date

    Red Hat 10

    2025-05-20

    2030-05-31

    2035-05-31

    2038-05-31

    Red Hat 9

    2022-05-18

    2027-05-31

    2032-05-31

    2035-05-31

    Red Hat 8

    2019-05-7

    2024-05-31

    2029-05-31

    2032-05-31

    Red Hat 7

    2014-06-10

    2019-08-06

    2020-08-06

    2024-06-30

    2029-05-31

    Red Hat 6

    2010-11-10

    2016-05-10

    2017-05-10

    2020-11-30

    2024-06-30

    Red Hat 5

    2007-03-15

    2013-01-08

    2014-01-31

    2017-03-31

    2020-11-30

    Red Hat 4

    2005-02-14

    2009-03-31

    2011-02-16

    2012-02-29

    2017-03-31

    Impacts of the RHEL 7 Extended Life phase

    During the Extended Life phase of RHEL 7, Red Hat offers limited technical support. In this phase, Red Hat no longer provides vulnerability fixes, security patches, hardware enablement, or root cause analysis. Support is limited to existing installations.

    Recommended solutions after RHEL 7 enters the Extended Life phase

    When RHEL 7 enters the Extended Life phase, you must evaluate the impact as needed. For example, if the associated business is scheduled to be unpublished, you can disregard this event. For businesses that are only visible within a private network, the risks associated with the operating system's end of service are relatively manageable, and you can address this event as needed. However, for businesses that provide services over the Internet and require high system stability and security, you must carefully evaluate the end-of-service risks and develop a response plan in a timely manner:

    For new business

    We recommend that you avoid using RHEL 7 images to create new Elastic Compute Service (ECS) instances for new services, because RHEL 7 has entered the Extended Life phase. Instead, you can choose a fully compatible operating system that is in a mainstream support phase, such as RHEL 8 or RHEL 9, for your business.

    For existing business

    • In the short term, you can purchase an ELS subscription for RHEL 7 to continuously receive security updates and bug fixes.

    • If you want to maintain business stability in the long term, we recommend that you upgrade to a later version (recommended): perform an in-place upgrade from RHEL 7 to RHEL 8, or further upgrade from RHEL 8 to RHEL 9. Your existing RHEL 7 subscription can be used for the upgrade. Newer versions provide more security updates, new features, and compatibility with the latest hardware and software. After the upgrade, you will continue to receive comprehensive technical support and security updates, which effectively reduces security risks.

    Upgrade to a later version

    An in-place upgrade is the recommended and supported method for upgrading RHEL systems, especially in enterprise environments where you want to preserve existing workflows and configurations. This method lets you upgrade your RHEL system from one major version to another, such as from RHEL 7 to RHEL 8 or from RHEL 8 to RHEL 9, without performing a fresh installation. An in-place upgrade retains your existing applications, configurations, and data, and ensures that you continue to receive security updates, bug fixes, and technical support.

    Red Hat provides the Leapp tool for in-place upgrades and supports pre-upgrade checks. You can use the official Red Hat tool to perform the upgrade by remotely logging on to an ECS instance:

    • If you are using a RHEL 7 system from an Alibaba Cloud Marketplace image (which includes a subscription) or a self-imported RHEL 7 image with an Alibaba Cloud RHEL 7 subscription, see Upgrade from RHEL 7 to RHEL 8.

    • If you have a RHEL 7 system with a subscription that you purchased directly from Red Hat, see the official Red Hat document Upgrading from RHEL 7 to RHEL 8 to perform the upgrade.

    Purchase an Extended Life Cycle Support (ELS) subscription

    The Red Hat Enterprise Linux ELS Add-On is an extended lifecycle subscription offered by Red Hat. It provides you with critical and important security fixes and fixes for some urgent bugs to help mitigate security risks during the Extended Life phase. However, note that ELS is applicable only to the RHEL 7.9 version and is valid until June 30, 2028. Alibaba Cloud offers a way to purchase RHEL 7 ELS. For more information about how to purchase it, see Purchase a software license for an ECS instance (invitational preview).

    The prices for purchasing a RHEL 7 ELS Add-on subscription are as follows:

    • 1 to 8 vCPUs: monthly subscription (USD 5.24 per vCPU per month), yearly subscription (USD 54.52 per vCPU per year), and pay-as-you-go (USD 0.0084 per vCPU per hour)

    • 9 to 127 vCPUs: monthly subscription (USD 3.93 per vCPU per month), yearly subscription (USD 40.89 per vCPU per year), and pay-as-you-go (USD 0.006 per vCPU per hour)

    • 128 vCPUs or more: monthly subscription (USD 3.41 per vCPU per month), yearly subscription (USD 35.44 per vCPU per year), and pay-as-you-go (USD 0.0048 per vCPU per hour)

    FAQ

    After RHEL 7 enters the ELS phase, am I required to purchase a RHEL ELS Add-on subscription for my RHEL 7 instances?

    No, you are not. You can purchase a subscription as needed.

    After RHEL 7 enters the ELS phase, will my instances be stopped if I do not purchase a RHEL ELS Add-on subscription?

    No, they will not. The RHEL ELS Add-on subscription provides security updates and patches from Red Hat. If you do not purchase the subscription, you cannot obtain these updates, which means the security of your instances cannot be guaranteed.

    After RHEL 7 enters the ELS phase, can I renew my instances as normal if I do not purchase a RHEL ELS Add-on subscription?

    Yes, you can. Subscription RHEL instances can be renewed as usual after they expire. For more information about renewal, see Renew a subscription instance.

    After RHEL 7 enters the ELS phase, will I still be charged license fees for RHEL images?

    After RHEL 7 enters the ELS phase, RHEL 7 instances still require a RHEL license, and you must pay the RHEL subscription fee. Your subscription provides the following:

    • Published software updates and security patches for RHEL 7.

    • RHEL 8 software installation packages, which you can use to perform an in-place upgrade to RHEL 8.

    • Technical support jointly provided by Alibaba Cloud and Red Hat.

    Note

    For information about the billing of RHEL images, see Billing of images.

    For more information about questions related to RHEL 7 entering the ELS phase, see the official Red Hat FAQ document.

    How do I upgrade from RHEL 7 to RHEL 8?
    Note

    If you are using a RHEL 7.9 system and your current business must remain on the RHEL 7.9 version, we recommend that you first purchase an Alibaba Cloud Red Hat Enterprise Linux ELS Add-On subscription to continuously receive security updates and bug fixes. For more information, see Purchase an Extended Life Cycle Support (ELS) subscription.

    • Make sure that the RHEL instance to be upgraded meets the system requirements. For more information, see Red Hat Enterprise Linux Technology Capabilities and Limits.

    • Make sure that your RHEL instance is a RHEL 7 system from an Alibaba Cloud public image (which includes a RHEL 7 subscription) or a self-imported RHEL 7 system on Alibaba Cloud with a purchased Alibaba Cloud RHEL 7 subscription.

      Note

      • An Alibaba Cloud RHEL subscription provides licensed access to the software, security updates, and technical support when you use the RHEL operating system on Alibaba Cloud.

      • If you have a RHEL system with a subscription purchased directly from Red Hat, see the official Red Hat document Upgrading from RHEL 7 to RHEL 8 to perform the upgrade.

    1. Before the upgrade, we recommend that you understand the upgrade risks and create a snapshot to back up data. This lets you quickly recover data if the upgrade fails.

    2. Use the root user to remotely connect to the ECS instance that runs the RHEL system.

      For more information, see Connect to a Linux instance using Workbench.

      Important

      The upgrade operation involves modifying system configuration files and library files. Root permissions are required to ensure that the upgrade process completes successfully.

    3. Check whether your RHEL instance uses an Alibaba Cloud RHEL subscription.

      rpm -q client-rhel7

      • If no response is returned, your system does not use an Alibaba Cloud RHEL subscription. You must first purchase a subscription before you perform the upgrade.

      • If a response similar to client-rhel7-3.0-1.el7_9.noarch is returned, your system uses an Alibaba Cloud RHEL subscription. You can proceed with the upgrade.

        image

    4. Prepare the upgrade environment.

      1. Upgrade the RHEL system to the latest version. The latest version usually contains fixes for known vulnerabilities, errors, and security issues. Then, restart the system for the changes to take effect.

        yum -y update
reboot

      2. Install the Leapp upgrade tool on the RHEL system.

        yum -y install leapp leapp-rhui-alibaba --enablerepo="*"

      3. Check whether Leapp is installed.

        leapp --version

        If a response similar to leapp version xxx is returned, Leapp is installed.

    5. Perform a pre-upgrade check.

      Because system configurations can vary significantly, you must use the Leapp tool to perform a pre-upgrade check on the system before the upgrade. You can view the check results from the Leapp tool and resolve any reported issues based on the tool's suggestions to meet the upgrade requirements.

      1. Perform a pre-upgrade check.

        • Pre-upgrade to the latest version of RHEL 8.

          leapp preupgrade  --no-rhsm

        • Pre-upgrade to a specific target version. For example, upgrade RHEL 7 to RHEL 8.8.

          leapp preupgrade --no-rhsm --target 8.8
          Note

          You can run the leapp preupgrade -h command to view the target versions that the current system supports for an upgrade.

      2. View the pre-upgrade check results.

        The pre-upgrade check logs from the Leapp tool are saved in the following log files:

        • /var/log/leapp/leapp-preupgrade.log: Leapp tool logs

        • /var/log/leapp/leapp-report.txt: Pre-upgrade check report in text format

        • /var/log/leapp/leapp-report.json: Pre-upgrade check report in JSON format

        If the pre-upgrade check fails, the failed check items are displayed, as shown in the following figure.

        image.png

      3. (Conditional) Handle pre-upgrade errors.

        Check the log file /var/log/leapp/leapp-report.txt for pre-upgrade error messages and resolve the errors based on the suggestions from the Leapp tool. The following section lists common pre-upgrade check errors and their solutions by risk level.

        • high (inhibitor): High risk (inhibits upgrade). This type of issue directly blocks the upgrade process and must be resolved before you can proceed.

          • Case 1: Multiple kernel versions are installed on the system.

            Risk Factor: high (inhibitor)
Title: Multiple devel kernels installed
Summary: DNF cannot produce a valid upgrade transaction when multiple kernel-devel packages are installed.
Remediation: [hint] Remove all but one kernel-devel packages before running Leapp again.
[command] yum -y remove kernel-devel-3.10.0-1160.11.1.el7

            Solution: Multiple kernel versions are installed on the system. You need to uninstall the old kernel packages. Run the command suggested by the Leapp tool to uninstall the old kernel, for example, yum -y remove kernel-devel-3.10.0-1160.11.1.el7 in this case.

          • Case 2: Kernel modules that are not supported in RHEL 8 are loaded on the system.

            Risk Factor: high (inhibitor)                                                                                                                                                                                         
Title: Leapp detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.                                                                                                                
Summary: Support for the following RHEL 7 device drivers has been removed in RHEL 8:                                                                                                                                  
     - floppy

            Solution: Some modules, such as the `floppy` module in this example, are not supported in RHEL 8. You can run the following command to uninstall them.

            rmmod floppy

          • Case 3: Abnormal sshd_config configuration 

            Risk Factor: high (inhibitor)
Title: Possible problems with remote login using root account
Summary: OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in RHEL8 to "prohibit-password".
Remediation: [hint] If you depend on remote root logins using passwords, consider setting up a different user for remote administration or adding "PermitRootLogin yes" to sshd_config. 
If this change is ok for you, add explicit "PermitRootLogin prohibit-password" to your sshd_config to ignore this inhibitor

            Solution:

            1. In the /etc/ssh/sshd_config configuration file, set PermitRootLogin to yes.

              Note

              The default value of PermitRootLogin is different in RHEL 7 and RHEL 8:

              • RHEL 7: The default value is yes, which indicates that the root user is allowed to log on using a password or key.

              • RHEL 8: The default value is prohibit-password, which indicates that password-based logon is prohibited.

            2. Restart the sshd service.

              systemctl restart sshd

          • Case 4: The acknowledgement file is not edited and confirmed.

            Risk Factor: high (inhibitor)
Title: Missing required answers in the answer file
Summary: One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm
For more information consult https://leapp.readthedocs.io/en/latest/dialogs.html
Remediation: [hint] Please register user choices with leapp answer cli command or by manually editing the answerfile.
[command] leapp answer --section remove_pam_pkcs11_module_check.confirm=True

            Solution: In this case, you must delete the pam module that is not supported in RHEL 8. This action requires confirmation in the /var/log/leapp/answerfile file. Run the following command to set confirm to True.

            leapp answer --section remove_pam_pkcs11_module_check.confirm=True

            image.png

        • high: High risk. This type of issue does not directly block the upgrade, but we recommend resolving it before or after the upgrade to prevent issues after the upgrade.

          • Case 1: Some packages cannot be installed.

            Risk Factor: high
Title: Packages from unknown repositories may not be installed
Summary: 3 packages may not be installed or upgraded due to repositories unknown to leapp:
- python3-pyxattr (repoid: rhel8-CRB)
- rpcgen (repoid: rhel8-CRB)
- ustr (repoid: rhel8-CRB)
Remediation: [hint] In case the listed repositories are mirrors of official repositories for RHEL (provided by Red Hat on CDN) and their repositories IDs has been customized, you can change the configuration to use the official IDs instead of fixing the problem. You can also review the projected DNF upgrade transaction result in the logs to see what is going to happen, as this does not necessarily mean that the listed packages will not be upgraded. You can also install any missing packages after the in-place upgrade manually.

            Solution: You can manually install the missing packages after the upgrade.

          • Case 2: Some RHEL 7 packages are not upgraded.

            Risk Factor: high
Title: Some RHEL 7 packages have not been upgraded
Summary: Following RHEL 7 packages have not been upgraded:
leapp-upgrade-el7toel8-0.18.0-1.el7_9
kernel-3.10.0-1160.92.1.el7
leapp-rhui-alibaba-1.0.0-1.el7_9
Please remove these packages to keep your system in supported state.

            Solution: Run the yum remove leapp-upgrade-el7toel8-0.18.0-1.el7_9 kernel-3.10.0-1160.92.1.el7 leapp-rhui-alibaba-1.0.0-1.el7_9 command to delete these packages.

        • medium: Medium risk. This type of issue does not directly block the upgrade, but we recommend that you resolve it before or after the upgrade to prevent potential issues after the upgrade.

          Case: The pam_pkcs11 module in the PAM configuration will be removed.

          Title: Module pam_pkcs11 will be removed from PAM configuration
Summary: Module pam_pkcs11 was surpassed by SSSD and therefore it was removed from RHEL-8. Keeping it in PAM configuration may lock out the system thus it will be automatically removed from PAM configuration before upgrading to RHEL-8. Please switch to SSSD to recover the functionality of pam_pkcs11.
Remediation: [hint] Configure SSSD to replace pam_pkcs11

          Solution: To ensure that the system's authentication feature functions correctly after the upgrade, you must configure SSSD to replace the functionality of pam_pkcs11.

        • low: Low risk. This type of issue has a minor impact on the upgrade process or system operation, but we recommend that you resolve it before or after the upgrade to ensure stable system operation.

          Case: SELinux will be set to permissive mode.

          Risk Factor: low 
Title: SElinux will be set to permissive mode
Summary: SElinux will be set to permissive mode. Current mode: enforcing. This action is required by the upgrade process to make sure the upgraded system can boot without beinig blocked by SElinux rules.
Remediation: [hint] Make sure there are no SElinux related warnings after the upgrade and enable SElinux manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.

          Solution: After the upgrade, make sure that there are no SELinux-related warnings, and then reset SELinux to enforcing mode to ensure system security and compliance.

        • info: Informational. This type of issue is usually an informational message and does not affect the upgrade process or system operation. You can view the specific messages in the report to understand the changes that will occur during the upgrade process.

          Case: The release version in /etc/dnf/vars/releasever will be set to the current target version.

          Risk Factor: info 
Title: Release version in /etc/dnf/vars/releasever will be set to the current target release
Summary: On this system, Leapp detected "releasever" variable is either configured through DNF/YUM configuration file and/or the system is using RHUI infrastructure. To avoid issues with repofile URLs (when --release option is not provided) in cases where there is the previous major.minor version value in the configuration, release version will be set to the target release version (8.8). This will also ensure the system stays on the expected target version after the upgrade

          Solution: No action is required.

    6. Perform the upgrade.

      • Upgrade to the latest version of RHEL 8.

        leapp upgrade  --no-rhsm

      • Upgrade to a specific target version. For example, upgrade RHEL 7 to RHEL 8.8.

        leapp upgrade  --no-rhsm --target 8.8

      The following figure indicates that the upgrade is successful.

      image.png

    7. Restart the instance and boot into the new system.

      reboot

    8. Verify the upgrade result.

      • Run the cat /etc/redhat-release command to check whether the system version is updated.

      • Check the upgrade execution logs or reports for any errors.

      • Observe whether your business runs correctly on the RHEL 8 system.

    9. (Conditional) Run the following commands to configure the RHEL source.

      After you use the Leapp upgrade tool to complete the upgrade, the /etc/dnf/vars/releasever file is modified by default to lock the system to a specific minor version of RHEL. For example, for RHEL 8.8, the repository source points to https://xxxx/8.8/xxx, so you can only access packages for the RHEL 8.8 version. If you want to automatically access the packages of the latest RHEL 8 version to obtain the latest security patches and feature updates, you can delete the releasever configuration file and rebuild the DNF cache.

      rm -f /etc/dnf/vars/releasever
dnf clean all && dnf makecache

      After the command is run, the repository source for RHEL 8 is updated to https://xxxx/8/xxx. The system can then automatically obtain the latest security patches and feature updates for RHEL 8, which ensures that the system remains up to date.

    How do I upgrade from RHEL 8 to RHEL 9?

    • Make sure that the RHEL instance to be upgraded meets the system requirements. For more information, see Red Hat Enterprise Linux Technology Capabilities and Limits.

    • Make sure that your RHEL instance is a RHEL 8 system from an Alibaba Cloud public image (which includes a RHEL 8 subscription) or a self-imported RHEL 8 system on Alibaba Cloud with a purchased Alibaba Cloud RHEL 8 subscription.

      Note

      • An Alibaba Cloud RHEL subscription provides licensed access to the software, security updates, and technical support when you use the RHEL operating system on Alibaba Cloud.

      • If you have a RHEL system with a subscription purchased directly from Red Hat, see the official Red Hat document Upgrading from RHEL 8 to RHEL 9 to perform the upgrade.

    1. Before the upgrade, we recommend that you understand the upgrade risks and create a snapshot to back up data. This lets you quickly recover data if the upgrade fails.

    2. Use the root user to remotely connect to the ECS instance that runs the RHEL system.

      For more information, see Connect to a Linux instance using Workbench.

      Important

      The upgrade operation involves modifying system configuration files and library files. Root permissions are required to ensure that the upgrade process completes successfully.

    3. Check whether your RHEL instance uses an Alibaba Cloud RHEL subscription.

      rpm -qa |grep aliyun

      • If no response is returned, your system does not use an Alibaba Cloud RHEL subscription. You must first purchase a subscription before you perform the upgrade.

      • If you receive a response that contains a minor version, such as rhel8.6, you must first submit a ticket to obtain and install the latest RPM package before you execute the upgrade.

        image

        Note

        When you run RHEL on Alibaba Cloud, the system accesses Red Hat software repositories through Alibaba Cloud's Red Hat Update Infrastructure (RHUI) service. If a package for a specific minor version, such as aliyun_rhel8.6-2.0-1.noarch, is installed, the system may fail to connect to RHUI. This failure prevents you from obtaining software updates or upgrading to a new version.

      • If a response for a subscription package similar to aliyun_rhui_rhel8-2.0-3.x86_64 is returned, your system uses an Alibaba Cloud RHEL subscription. You can proceed with the upgrade.

        image

    4. Prepare the upgrade environment.

      1. Upgrade the RHEL system to the latest version. The latest version usually contains fixes for known vulnerabilities, errors, and security issues. Then, restart the system for the changes to take effect.

        yum -y update
reboot

      2. Install the Leapp upgrade tool on the RHEL system.

        yum -y install leapp leapp-rhui-alibaba --enablerepo="*"

      3. Check whether Leapp is installed.

        leapp --version

        If a response similar to leapp version xxx is returned, Leapp is installed.

    5. Perform a pre-upgrade check.

      Because system configurations can vary significantly, you must use the Leapp tool to perform a pre-upgrade check on the system before the upgrade. You can view the check results from the Leapp tool and resolve any reported issues based on the tool's suggestions to meet the upgrade requirements.

      1. Perform a pre-upgrade check.

        • systemctl stop systemd-resolved
systemctl disable  systemd-resolved

        • Pre-upgrade to the latest version of RHEL 9.

          leapp preupgrade  --no-rhsm

        • Pre-upgrade to a specific target version. For example, upgrade RHEL 8 to RHEL 9.4.

          leapp preupgrade --no-rhsm --target 9.4
          Note

          You can run the leapp preupgrade -h command to view the target versions that the current system supports for an upgrade.

      2. View the pre-upgrade check results.

        The pre-upgrade check logs from the Leapp tool are saved in the following log files:

        • /var/log/leapp/leapp-preupgrade.log: Leapp tool logs

        • /var/log/leapp/leapp-report.txt: Pre-upgrade check report in text format

        • /var/log/leapp/leapp-report.json: Pre-upgrade check report in JSON format

        If the pre-upgrade check fails, the failed check items are displayed, as shown in the following figure.

        image

      3. (Conditional) Handle pre-upgrade errors.

        Check the log file /var/log/leapp/leapp-report.txt for pre-upgrade error messages and resolve the errors based on the suggestions from the Leapp tool. The following section lists common pre-upgrade check errors and their solutions by risk level.

        • high: High risk. This type of issue does not directly block the upgrade, but we recommend that you resolve it before or after the upgrade to prevent issues after the upgrade.

          • Case 1: Custom Leapp actors or files were detected.

            Risk Factor: high 
Title: Detected custom leapp actors or files.
Summary: We have detected installed custom actors or files on the system. These can be provided e.g. by third party vendors, Red Hat consultants, or can be created by users to customize the upgrade (e.g. to migrate custom applications). This is allowed and appreciated. However Red Hat is not responsible for any issues caused by these custom leapp actors. Note that upgrade tooling is under agile development which could require more frequent update of custom actors.
The list of custom leapp actors and files:
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/alibaba/content.crt
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/alibaba/key.pem
    - /usr/share/leapp-repository/repositories/system_upgrade/common/files/rhui/alibaba/leapp-alibaba.repo
Related links:
    - Customizing your Red Hat Enterprise Linux in-place upgrade: https://red.ht/customize-rhel-upgrade
Remediation: [hint] In case of any issues connected to custom or third party actors, contact vendor of such actors. Also we suggest to ensure the installed custom leapp actors are up to date, compatible with the installed packages.

            Solution: Ensure that the custom actors are up to date and compatible with the Leapp tool and the system environment. After the upgrade, verify that the system runs correctly and promptly resolve any issues caused by the custom actors. For more information about how to manage custom actors, see Customizing your Red Hat Enterprise Linux in-place upgrade.

          • Case 2: The GRUB2 configuration will be automatically updated during the upgrade.

            Risk Factor: high 
Title: GRUB2 core will be automatically updated during the upgrade
Summary: On legacy (BIOS) systems, GRUB2 core (located in the gap between the MBR and the first partition) cannot be updated during the rpm transaction and Leapp has to initiate the update running "grub2-install" after the transaction. No action is needed before the upgrade. After the upgrade, it is recommended to check the GRUB configuration.

            Solution: After the upgrade, check the GRUB configuration to ensure that the system starts correctly.

        • low: Low risk. This type of issue has a minor impact on the upgrade process or system operation, but we recommend that you resolve it before or after the upgrade to ensure stable system operation.

          Case: SELinux will be set to permissive mode.

          Risk Factor: low 
Title: SElinux will be set to permissive mode
Summary: SElinux will be set to permissive mode. Current mode: enforcing. This action is required by the upgrade process to make sure the upgraded system can boot without beinig blocked by SElinux rules.
Remediation: [hint] Make sure there are no SElinux related warnings after the upgrade and enable SElinux manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.

          Solution: After the upgrade, make sure that there are no SELinux-related warnings, and then reset SELinux to enforcing mode to ensure system security and compliance.

        • info: Informational. This type of issue is usually an informational message and does not affect the upgrade process or system operation. You can view the specific messages in the report to understand the changes that will occur during the upgrade process.

          Case: Some target system repositories are excluded.

          Risk Factor: info 
Title: Excluded target system repositories
Summary: The following repositories are not supported by Red Hat and are excluded from the list of repositories used during the upgrade.
- rhui-codeready-builder-for-rhel-9-aarch64-rhui-rpms
- codeready-builder-for-rhel-9-aarch64-rpms
- codeready-builder-for-rhel-9-s390x-rpms
- codeready-builder-beta-for-rhel-9-ppc64le-rpms
- codeready-builder-for-rhel-9-x86_64-rpms
Remediation: [hint] If some of excluded repositories are still required to be used during the upgrade, execute leapp with the --enablerepo option with the repoid of the repository required to be enabled as an argument (the option can be used multiple times).

          Solution: If some of the excluded repositories still need to be enabled during the upgrade process, you can use the --enablerepo option to enable them.

    6. Perform the upgrade.

      • Upgrade to the latest version of RHEL 9.

        leapp upgrade  --no-rhsm

      • Upgrade to a specific target version. For example, upgrade RHEL 8 to RHEL 9.4.

        leapp upgrade  --no-rhsm --target 9.4

      The following figure indicates that the upgrade is successful.

      image

    7. Restart the instance and boot into the new system.

      reboot

    8. Verify the upgrade result.

      • Run the cat /etc/redhat-release command to check whether the system version is updated.

      • Check the upgrade execution logs or reports for any errors.

      • Observe whether your business runs correctly on the RHEL 9 system.

    9. (Conditional) Run the following commands to configure the RHEL source.

      After you use the Leapp upgrade tool to complete the upgrade, the /etc/dnf/vars/releasever file is modified by default to lock the system to a specific minor version of RHEL. For example, for RHEL 9.4, the repository source points to https://xxxx/9.4/xxx, so you can only access packages for the RHEL 9.4 version. If you want to automatically access the packages of the latest RHEL 9 version to obtain the latest security patches and feature updates, you can delete the releasever configuration file and rebuild the DNF cache.

      rm -f /etc/dnf/vars/releasever
dnf clean all && dnf makecache

      After the command is run, the repository source for RHEL 9 is updated to https://xxxx/9/xxx. The system can then automatically obtain the latest security patches and feature updates for RHEL 9, which ensures that the system remains up to date.

    Reference

    For more information about operating system lifecycles, the characteristics of each phase, and general solutions for end-of-life or extended support phases, see Operating system lifecycle.